Vulnerability Name: CVE-2004-0174 (CCN-15540)

Assigned: 2004-03-19
Published: 2004-03-19
Updated: 2021-06-06
Summary: Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial

CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2004-0174

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:839
DoS in mod_ssl and log escape sequences vulnerability

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Security Update 2004-12-02

Source: CCN
Type: Apache HTTP Server Project Web site
Welcome! - The Apache HTTP Server Project

Source: BUGTRAQ
Type: UNKNOWN
20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd)

Source: TRUSTIX
Type: UNKNOWN
2004-0017

Source: APPLE
Type: UNKNOWN
APPLE-SA-2004-05-03

Source: BUGTRAQ
Type: UNKNOWN
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)

Source: HP
Type: UNKNOWN
SSRT4717

Source: CCN
Type: SA11170
Apache Connection Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11170

Source: GENTOO
Type: UNKNOWN
GLSA-200405-22

Source: CCN
Type: SECTRACK ID: 1009495
Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service

Source: SUNALERT
Type: UNKNOWN
101555

Source: CCN
Type: Sun Alert ID: 57628
Security Vulnerabilities in the Apache Web Server and Apache Modules

Source: SUNALERT
Type: UNKNOWN
57628

Source: CONFIRM
Type: UNKNOWN
http://www.apache.org/dist/httpd/CHANGES_1.3

Source: CCN
Type: CIAC Information Bulletin O-128
Apache HTTP Server 2.0.49 Release Fixes Security Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin O-138
Apple Mac OS X Jaguar and Panther Security Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-049
Apple Security Update 2004-12-02

Source: CCN
Type: GLSA-200405-22
Apache 1.3: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#132110
Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections

Source: CERT-VN
Type: US Government Resource
VU#132110

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0017
apache

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0027
apache

Source: CCN
Type: GLSA 200405-22
Apache 1.3: Multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:046

Source: CCN
Type: OpenPKG-SA-2004.021
Apache

Source: CCN
Type: OSVDB ID: 4383
Apache HTTP Server Socket Race Condition DoS

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:405

Source: BID
Type: UNKNOWN
9921

Source: CCN
Type: BID-9921
Apache Connection Blocking Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1009495

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-133

Source: CCN
Type: slackware-security Mailing List, Wed, 12 May 2004 16:54:58 -0700 (PDT)
apache (SSA:2004-133-01)

Source: TRUSTIX
Type: UNKNOWN
2004-0027

Source: CCN
Type: TLSA-2004-17
Multiple vulnerabilities in apache

Source: XF
Type: UNKNOWN
apache-socket-starvation-dos(15540)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100110

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1982

Source: SUSE
Type: SUSE-SA:2003:014
kdelibs: remote file creation

Source: SUSE
Type: SUSE-SA:2004:008
cvs: remote code execution

Source: SUSE
Type: SUSE-SA:2004:009
Linux Kernel: local privilege escalation / information leakage

Source: SUSE
Type: SUSE-SA:2004:012
mc: local privilege escalation

Source: SUSE
Type: SUSE-SA:2004:015
cvs: remote command execution

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 2.0.49)

Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:100110 | V | Apache Listening Socket Starvation Vulnerability | 2016-06-13
oval:org.opensuse.security:def:20040174 | V | CVE-2004-0174 | 2015-11-16
oval:org.mitre.oval:def:1982 | V | Apache Connection Blocking Denial Of Service Vulnerability | 2004-12-09

    apache http server *
    apache http server 2.0.28 beta
    apache http server 2.0
    apache http server 2.0.38
    apache http server 2.0.39
    apache http server 2.0.42
    apache http server 2.0.47
    apache http server 2.0.49
    apache http server 2.0.48
    apache http server 2.0.40
    apache http server 2.0.46
    apache http server 2.0.28
    apache http server 2.0.32
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.37
    apache http server 2.0.41
    apache http server 2.0.32 beta
    apache http server 2.0.34 beta
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.45
    sun solaris 8
    hp hp-ux 11.04
    turbolinux turbolinux server 6.5
    trustix secure linux 1.5
    suse suse linux database server *
    suse suse linux connectivity server *
    conectiva linux 8.0
    sun solaris 9
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse suse linux office server *
    suse suse linux 8.1
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    turbolinux turbolinux server 6.1
    turbolinux turbolinux workstation 6.0
    mandrakesoft mandrake linux corporate server 2.1
    compaq tru64 5.1b
    mandrakesoft mandrake linux 9.1
    slackware slackware linux 9.0
    conectiva linux 9.0
    trustix secure linux 2.0
    openpkg openpkg 1.3
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    openpkg openpkg 2.0
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    apple mac os x 10.2.8
    apple mac os x server 10.2.8
    apple mac os x 10.3.6
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1
    apple mac os x server 10.3.6